Logging out of HTTP Basic Auth in Laravel

I have one user class, which consists of two types of users and allows other users to go to different pages.

I created a filter as follows

    Route::filter('isExpert', function()
    {
        $userIsExpert = 0;
        $userIsLoggedIn = Auth::check();

        if ($userIsLoggedIn && Auth::user()->role == 'expert') {
            $userIsExpert = 1;
        }

        Log::info('Logged in: ' . $userIsLoggedIn . ' && Expert: ' . $userIsExpert);

        if ($userIsExpert == 0) {
            Log::info('should be logging out now.');
            Auth::logout();
            return Auth::basic();
        }
    });

And such routing

    Route::get('/winners', array('before' => 'isExpert', function()
    {
        $winners = DB::select('select * from winners');
        return View::make('winners.index')->with('winners', $winners);
    }));

The idea is this: if the user is not an expert, they will be logged out and redirected to the login page. If they are, the request will just go on. However, Auth::logout(); never logs the user out.

Question

Why does Auth::logout() not work? I tried to place it anywhere in the application to no avail.


+6
4 answers

I had the same problem, I really could not log out the current user... And the answer is simple: Laravel does not support logout() with Auth::basic().

There are ways to fix this, but they are not very clean; https://www.google.nl/search?q=logout+basic

+7

The easiest way I found for this is to redirect to a wrong username/password on the logout route. Example:

    Route::get('admin/logout', function()
    {
        // Rewrite the logout URL so it carries throwaway credentials in the userinfo part.
        return Redirect::to(preg_replace("/:\/\//", "://log-me-out:fake-pwd@", url('admin/logout')));
    });

+3

This is not a limitation of Laravel; basic HTTP authorization is not intended to handle registration. The client will remain logged in until the browser closes.

Basic HTTP authorization should not really be used in any public production environment. Here are a few reasons:

  • It is not possible to give users a “remember me” option in the login form.
  • Password managers have little or no HTTP Basic Auth support, since this is not rendered HTML, but a native popup.
  • Awful user interface. Building a proper login form is well worth the short time it takes.

The only valid case that I can think of is to protect public subdomains such as dev.example.com, but there are other ways to solve this problem.

+3
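
The behaviour described in the question and in the answer above, as an added example that is not part of the original thread and is not Laravel's own code: a plain-PHP model in which clearing the server-side session does not log the user out, because the browser resends its cached Authorization header on the next request. The names basicGuard and parseBasic and the sample account are assumptions made for this illustration.

```php
<?php
// Constructed sample account; the name and password are made up for this example.
$users = ['bob' => ['hash' => password_hash('s3cret', PASSWORD_DEFAULT), 'role' => 'member']];

// Parse "Basic base64(user:pass)" into [user, pass], or null if malformed.
function parseBasic(?string $header): ?array {
    if ($header === null || stripos($header, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(substr($header, 6), true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

// Hypothetical stand-in for a basic-auth guard: reuse the session login if
// present, otherwise log in from the Authorization header, else challenge.
function basicGuard(?string $header, array &$session, array $users): int {
    if (isset($session['user'])) {
        return 200;
    }
    $creds = parseBasic($header);
    $account = $creds !== null ? ($users[$creds[0]] ?? null) : null;
    if ($account === null || !password_verify($creds[1], $account['hash'])) {
        return 401; // sent with WWW-Authenticate: Basic, so the browser prompts again
    }
    $session['user'] = $creds[0];
    return 200;
}

$session = [];
$cached = 'Basic ' . base64_encode('bob:s3cret'); // what the browser resends unprompted

echo "first request: ", basicGuard($cached, $session, $users), "\n";
unset($session['user']); // server-side logout: only the session is cleared
echo "after logout:  ", basicGuard($cached, $session, $users), "\n";

// The redirect workaround from the earlier answer: the browser sends credentials that fail.
$session = [];
$bogus = 'Basic ' . base64_encode('log-me-out:fake-pwd');
echo "bogus creds:   ", basicGuard($bogus, $session, $users), "\n";
```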

If you implemented these methods in User.php

    /**
     * Get the e-mail address where password reminders are sent.
     *
     * @return string
     */
    public function getReminderEmail()
    {
        return $this->email;
    }

    public function getRememberToken()
    {
        return $this->remember_token;
    }

    public function setRememberToken($value)
    {
        $this->remember_token = $value;
    }

    public function getRememberTokenName()
    {
        return 'remember_token';
    }

add a new column called "remember_token" to your "users" table in the MySQL database, and then log out, and it will finally succeed. To alter your table, use this SQL command:

 ALTER TABLE users ADD remember_token TEXT; 

and then click the "Go" button.

0

Source: https://habr.com/ru/post/951952/

